SSLProtocolException: no more data allowed ...

Hi all, I am implementing an SSL client and the server is an embedded system running some proprietary version of SSL. I can connect to the server with openssl, but when using a Java application I get the following error:

main, handling exception: javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

I've never heard of that one and couldn't find anything about it on this forum.

Here is a little context. This happens during or soon after ServerHello. I don't think I'm even getting to the point where we are exchanging certificates. Any ideas?

main, READ: TLSv1 Handshake, length = 866

*** ServerHello, TLSv1

RandomCookie: GMT: 0 bytes = { 222, 161, 92, 159, 198, 110, 108, 1, 112, 158, 192, 134, 140, 12, 117, 247, 83, 160, 58, 136, 71, 39, 84, 187, 173, 74, 9, 118 }

Session ID: {}

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA

Compression Method: 0

***

%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]

** TLS_RSA_WITH_AES_128_CBC_SHA

[read] MD5 and SHA1 hashes: len = 42

0000: 02 00 00 26 03 01 00 00  00 00 DE A1 5C 9F C6 6E  ...&........\..n

0010: 6C 01 70 9E C0 86 8C 0C  75 F7 53 A0 3A 88 47 27  l.p.....u.S.:.G'

0020: 54 BB AD 4A 09 76 00 00  2F 00                    T..J.v../.

main, handling exception: javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

main, SEND TLSv1 ALERT: fatal, description = unexpected_message

main, WRITE: TLSv1 Alert, length = 2

[1526 byte] By [Developer_Named_Aarona] at [2007-11-27 11:59:04]
# 1

A bit more info: here is the stack trace of the crash. Very grateful for any suggestions:

main, called closeSocket()

javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:406)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)

at tellabs.access.core.ssl_proxy.getSSLSocket(ssl_proxy.java:147)

at tellabs.access.core.ssl_proxy.<init>(ssl_proxy.java:175)

at tellabs.access.core.ssl_proxy.main(ssl_proxy.java:349)

at tellabs.access.upgradeserver.upgrade_server.cmd_args(upgrade_server.java:83)

at tellabs.access.upgradeserver.upgrade_server.main(upgrade_server.java:141)

Caused by: java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate

at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:693)

at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:152)

at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1729)

at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)

at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)

at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)

at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:404)

... 12 more

And here is my socket client code:

    import java.io.IOException;
    import java.io.InputStream;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.Security;
    import javax.net.SocketFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.TrustManagerFactory;

    // Methods of class ssl_proxy; trustStorePassword and loggerAll are fields
    // of that class and are not shown in the post.
    public static Socket getSSLSocket(InetAddress addr, int port) {
        try {
            // Make sure that JSSE is available
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            // A keystore is where keys and certificates are kept
            // Both the keystore and individual private keys should be password protected
            KeyStore keystore = KeyStore.getInstance("JKS");
            char[] pw = new char[trustStorePassword.length()];
            trustStorePassword.getChars(0, trustStorePassword.length(), pw, 0);
            InputStream is = openTrustStore();
            keystore.load(is, pw);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(keystore);
            // An SSLContext is an environment for implementing JSSE
            // It is used here to create the client SocketFactory
            SSLContext sslc = SSLContext.getInstance("TLSv1");
            // Initialize the SSLContext with our trust managers (no client key managers)
            sslc.init(null, tmf.getTrustManagers(), null);
            // Create a SocketFactory from the SSLContext
            SocketFactory ssf = sslc.getSocketFactory();
            // Socket to me
            SSLSocket socket = (SSLSocket) ssf.createSocket(addr, port);
            socket.startHandshake();
            // Return the connected client socket
            return socket;
        }
        catch (Exception e) {
            loggerAll.log(Level.ALL, "SSL socket exception: " + e.getMessage() + ": " + e.toString());
            e.printStackTrace();
            return null;
        }
    }

    // Opens the trust store bundled on the classpath (in the jar)
    public static InputStream openTrustStore() {
        try {
            ClassLoader loader = ssl_proxy.class.getClassLoader();
            URL resource = loader.getResource("us_store.keystore");
            InputStream is = resource.openStream();
            System.out.println("opened jar");
            return is;
        }
        catch (IOException ioe) {
            loggerAll.log(Level.ALL, "Exception in openTrustStore" + ioe);
        }
        return null;
    }

Developer_Named_Aarona at 2007-7-29 19:23:30
# 2

It's the certificate. Generate or obtain an X.509 version 3 certificate.

ejpa at 2007-7-29 19:23:30
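Added example (not part of the original posts and not JDK code): a small Java check for the condition behind this error, a certificate whose TBSCertificate declares version 1 (or omits the version field) yet carries fields that RFC 5280 allows only in later versions. It also flags the analogous v2-with-extensions case; the class name, method names and the two sample byte arrays are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class CertVersionCheck {
    // Read one DER TLV header at pos; returns {tag, contentStart, contentEnd}.
    static int[] tlv(byte[] d, int pos) {
        if (pos + 2 > d.length) throw new IllegalArgumentException("truncated DER");
        int tag = d[pos] & 0xFF, len = d[pos + 1] & 0xFF, start = pos + 2;
        if (len == 0x80) throw new IllegalArgumentException("indefinite length is not DER");
        if (len > 0x80) {                        // long form: low 7 bits count the length bytes
            int n = len & 0x7F;
            if (n > 3 || start + n > d.length) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[start++] & 0xFF);
        }
        if (start + len > d.length) throw new IllegalArgumentException("truncated DER");
        return new int[] { tag, start, start + len };
    }

    // Compare the declared version with the fields actually present in TBSCertificate.
    static String diagnose(byte[] cert) {
        int[] tbs = tlv(cert, tlv(cert, 0)[1]);  // Certificate -> TBSCertificate
        List<Integer> tags = new ArrayList<>();
        int version = 1;                         // absent version field means v1
        for (int p = tbs[1]; p < tbs[2]; ) {
            int[] f = tlv(cert, p);
            if (p == tbs[1] && f[0] == 0xA0 && f[2] > f[1])
                version = (cert[f[2] - 1] & 0xFF) + 1;   // [0] EXPLICIT INTEGER: 0=v1, 2=v3
            else tags.add(f[0]);
            p = f[2];
        }
        // After serial, signature, issuer, validity, subject and public key, only
        // [1]/[2] unique IDs (v2 or v3) and [3] extensions (v3 only) may follow.
        int extra = tags.size() - 6;
        if (extra < 0) return "v" + version + ": incomplete TBSCertificate";
        if ((version == 1 && extra > 0) || (version == 2 && tags.contains(0xA3)))
            return "declared v" + version + " but carries fields reserved for a later version";
        return "v" + version + ": fields match the declared version";
    }

    public static void main(String[] args) {
        // Constructed skeletons (empty inner SEQUENCEs, no signature), not real certificates.
        byte[][] samples = {
            {0x30,0x13, 0x30,0x11, 2,1,1, 0x30,0, 0x30,0, 0x30,0, 0x30,0, 0x30,0, (byte)0xA3,2,0x30,0},
            {0x30,0x18, 0x30,0x16, (byte)0xA0,3,2,1,2, 2,1,1, 0x30,0, 0x30,0, 0x30,0, 0x30,0, 0x30,0,
             (byte)0xA3,2,0x30,0} };
        for (byte[] der : samples) System.out.println(diagnose(der));
    }
}
```

To check the device's real certificate, save it in DER form (for example from the openssl connection that already works) and pass the file's bytes to `diagnose`.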